Working with the California Department of Developmental Services, San Andreas Regional Center (“SARC”) provides advocacy, services, and support for individuals with developmental disabilities.
SARC announced today that it experienced a data breach that may involve the personal and protected health information of some individuals it serves. As such, SARC sent notification of this incident to potentially impacted individuals and is providing resources to assist them.
On July 5, 2021, SARC discovered that they were the victim of a sophisticated ransomware attack and encryption event. After discovering the incident, SARC quickly took steps to secure and safely restore its systems and operations.
Further, SARC immediately engaged cybersecurity attorneys and third-party forensic experts to conduct a thorough investigation of the incident’s nature and scope, assist in the remediation efforts, and contacted and filed a report with the FBI.
On August 2, 2021, SARC concluded its initial investigation and determined the incident involved personal and protected health information. SARC believes that the vast majority of impacted individual’s personal information was not obtained. However, SARC’s investigation could not confirm the specific information potentially obtained and or accessed.
Therefore, SARC, out of an abundance of caution, SARC is providing notification to all potentially impacted individuals on August 27, 2021, regardless of the information not being subject to unauthorized access and or acquisition. However, presently, SARC has no evidence indicating misuse of this information.
Further, after reviewing the potentially impacted information, SARC determined that it could include first and last names, addresses, dates of birth, telephone numbers, social security numbers, email addresses, health plan beneficiary numbers, health insurance information, full-face photos and or comparable images, UCI numbers (unique identifying number or code generated by us for you), medical information, diagnosis, disability codes, and certificate/license numbers.
The notification letter to the potentially impacted individuals includes steps that they can take to protect their information and offer them access to complimentary identity monitoring and protection services.
SARC recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected. Also, in addition to notifying the FBI, SARC reported the incident to certain regulatory authorities, as required.
“The security and privacy of the information contained within our systems is a top priority for us, and we were shocked to learn that we were one of the thousands of victims of this type of cyberattack,” said Executive Director Javier Zaldivar. “We are fully committed to protecting the information on our systems and sincerely regret the worry caused by this incident. We thank the community, our employees, people serviced, and partners for their support during this event.”
As a precautionary measure, SARC recommends that individuals remain vigilant by closely reviewing their account statements and credit reports. If individuals detect any suspicious activity on an account, SARC strongly advise that they promptly notify the financial institution or company that maintains the account.
Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC).
To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.
For more such updates follow us on Google News ITsecuritywire News.